default = firefox

Thinking this morning about the latest Windows zero-day exploits that have been found, I note something quite surprising that happened recently. Over the last few weeks I've been testing a system which is based around users triggering protocol handlers via their browser; basically they go to a website, fill in some forms, click on a link and another program is launched. We are running a closed alpha at the moment with a fair number of users participating.

It was discovered that actually, the whole protocol thing just doesn't work at all in IE. (This is not the bit that surprised me of course.) I hadn't checked IE, partly because it's a pain in the arse rebooting my Linux machine just to launch Windows, and in this instance Parallels wouldn't be an appropriate testing environment, but also because we got the Windows handler from another company and I'd assumed they'd tested in IE. And also, everyone else in the company uses Windows so I'd assumed they'd tested with IE.

This is the classic sort of assumption that one should never make of course and I hold my hands up to that. What surprised me was that not only did none of the internal testers spot this, none of the external alpha testers spotted it either until a couple of days ago. Out of several dozen people over a period of weeks not one had tried to use Windows IE. I'd had people with issues on Ubuntu with Firefox and several on the Mac, but IE? Nah.

Granted that a lot of the people here are techie/early adopter types, but I would have expected it to pop up when we started letting the alpha testers in - believe me, not all of them are what you'd call "techie". It seems like the threshold for "not using IE" has changed from "knows about browser security" to "spends any serious time on the internet at all".